Open victomteng1997 opened 3 years ago
When distributing enclaves within a keystore, you'll have to copy over the public folder in the keystore to the external hosts as well. Currently the enclave generation makes use of relative symlinks to point to the public certificates for the trusted certificate authorities. For your multi-machine use case, I assume you've verified that everything is working properly when security is at least disabled, ie your physical networking is set up correctly.
I have verified that everything is working properly when security is disabled. I noticed that the keystore use symlink to point to public certificates, but when using scp command, the target of symlink will be copied. I then tried to copy the whole keystore directory, including public folder to the remote machine, but the error message is the same.
Meanwhile, I also tried create an empty test_demo_keystore
directory on the same machine where demo_keystore
is created. I then copied the talker
folder into this test_demo_keystore
and everything worked. Don't know why it doesn't work on two machines though.
I have verified that everything is working properly when security is disabled.
Ok, that's a good start.
Version or commit hash:
- followed the procedures in SROS2_Linux.md
What version is this exactly? This isn't specific, so I'm not even sure what ROS2 distro or debian package version this is.
I then tried to copy the whole keystore directory, including public folder to the remote machine, but the error message is the same.
I'm not sure the issue here is with the keystore, but you could tarball the keystore before copying it if scp cant handle symlinks.
Don't know why it doesn't work on two machines though.
The security error log message seems to originate from here:
Perhaps you could verify that DDS security for your version of FastRTPS is working outside of ROS?
https://github.com/eProsima/Fast-DDS/tree/master/examples/C%2B%2B/SecureHelloWorldExample
If this SecureHelloWorldExample isn't working, then you may want to follow up with eProsima or try an alternate RMW.
Bug report
Required Info:
Steps to reproduce issue
I followed the documentation listed in SROS2_Linux.md and everything works on single machine. Also tried to set up talker and listener on the two test machines without security features and the communication is good.
I then enabled security, and copied the keystore from one machine to another. I tried to copy files under
talker
folder only, and also tried to copy the whole keystore byscp
. When I executed the talker on the remote machine:On the listener side, there's no terminal output:
I also notice that the Security Error is raised when the listener is started. Tried to search for this error online but didn't find anything useful. Anyone can help to resolve?